Thanks Chris, for sure we've got an upgrade on the roadmap for the next quarter so we'll give the latest 8.5 a try. Cheers. /rt.
On 2021-03-16, 9:39 AM, "Christopher Schultz" <ch...@christopherschultz.net> wrote:

Rick,

Any chance you can try out 8.5.latest? Your version is super old. It's possible it's a bug that was fixed in the (distant?) past.

-chris

On 3/16/21 09:33, Trudeau, Rick (Nokia - CA/Ottawa) wrote:
>
> On 2021-03-04, 2:45 PM, "Trudeau, Rick (Nokia - CA/Ottawa)" <rick.trud...@nokia.com> wrote:
>
> Chris,
>
> On 2021-03-04, 12:07 PM, "Christopher Schultz" <ch...@christopherschultz.net> wrote:
>
> > Rick,
> >
> > On 3/3/21 09:23, Trudeau, Rick (Nokia - CA/Ottawa) wrote:
> >
> > Tomcat version: 8.5.34
> >
> > Hello,
> > I’m wondering if anyone has any theories about an SSL config related exception that we hit periodically on Tomcat startup that prevents the system from initializing properly.
> > I’ll emphasize “periodically” here, because we only trigger this rarely and have no reliable way of triggering the problem.
> > The exception seems to indicate that the certificateFile is missing, which is strange given that the certificateKeystoreFile is provided and available on the filesystem.
> > My understanding is that a certificateFile is not required when using a certificateKeystoreFile.
> > Any idea why there could be a certificateFile related exception when the certificateKeystoreFile is configured?
> >
> > The stack trace is:
> >
> > 2021.02.28 21:19:48 890 +0000 SEVERE org.apache.catalina.core.StandardService Failed to initialize connector [Connector[HTTP/1.1-8544]]
> > org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8544]]
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
> >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:498)
> >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> > Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> >     ... 12 more
> > Caused by: java.lang.IllegalArgumentException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
> >     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> >     ... 13 more
> > Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
> >     at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:203)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
> >     ... 20 more
> >
> > Our connector is defined as follows:
> >
> > <Connector port="8544"
> >            protocol="HTTP/1.1"
> >            compression="on"
> >            compressibleMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json"
> >            compressionMinSize="2048"
> >            connectionTimeout="60000"
> >            maxHttpHeaderSize="65536"
> >            scheme="https"
> >            secure="true"
> >            relaxedQueryChars="[]"
> >            SSLEnabled="true">
> >   <SSLHostConfig sslProtocol="TLS"
> >                  protocols=" TLSv1.2"
> >                  certificateVerification="optional"
> >                  honorCipherOrder="true"
> >                  ciphers="${server.cipher.suites.List}">
> >     <Certificate certificateKeystoreFile="/opt/nsp/os/ssl/nsp.keystore"
> >                  certificateKeystorePassword="secret"
> >                  type="RSA"
> >                  certificateKeyPassword="secret" />
> >   </SSLHostConfig>
> > </Connector>
> >
> > Are you using tcnative and/or the APR connector? Your <Connector>
> > doesn't choose, so the selection of the connector type will depend upon
> > other configuration and/or the presence of the libtcnative library.
> >
> > -chris
>
> Thanks for the reply Chris.
> Our deployment isn't using tcnative or the APR connector.
>
> /rt.
>
> Hi Chris,
> Any clues/theories on this one? Googling this error signature isn't leading to many findings.
> Would it be possible to trigger this stack trace if there is a problem with the certs in the configured keystore, or something else related to the keystore?
>
> Thanks.
> /rt.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
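
The keystore theory raised in the thread can be checked independently of Tomcat by running a small pre-start check and logging its result on every boot. The program below is an added example, not code from the thread or from Tomcat, and it does not reproduce Tomcat's own loading logic; it assumes the keystore is in the JVM's default format and reads the passwords from two hypothetical environment variables, KEYSTORE_PASS and KEY_PASS.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;

// Added example (not Tomcat code): pre-start check of the connector's keystore.
// Usage: KEYSTORE_PASS=... KEY_PASS=... java KeystorePreflight /opt/nsp/os/ssl/nsp.keystore
// KEYSTORE_PASS and KEY_PASS are hypothetical variable names chosen for this example.
public class KeystorePreflight {
    public static void main(String[] args) throws Exception {
        String storePass = System.getenv("KEYSTORE_PASS");
        String keyPass = System.getenv("KEY_PASS");
        if (args.length != 1 || storePass == null || keyPass == null) {
            System.err.println("usage: KEYSTORE_PASS=.. KEY_PASS=.. KeystorePreflight <keystore>");
            System.exit(2);
        }
        File file = new File(args[0]);
        if (!file.isFile() || !file.canRead() || file.length() == 0) {
            fail("keystore missing, unreadable or empty: " + file);
        }
        // Assumption: the file is in the JVM's default keystore format.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass.toCharArray()); // throws on wrong password or corrupt file
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries cannot back a TLS server
            }
            Key key = ks.getKey(alias, keyPass.toCharArray()); // throws on wrong key password
            boolean hasChain = ks.getCertificateChain(alias) != null;
            if (key != null && "RSA".equals(key.getAlgorithm()) && hasChain) {
                usable++;
                System.out.println("OK: RSA key entry with certificate chain: " + alias);
            }
        }
        if (usable == 0) {
            fail("no RSA private key entry with a certificate chain in " + file);
        }
    }

    private static void fail(String message) {
        System.err.println("FAIL: " + message);
        System.exit(1);
    }
}
```

A non-zero exit on a boot where the connector also fails points at the keystore file or its passwords; a clean exit on such a boot rules them out.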